Guidance for Industry. 21 CFR Part 11; Electronic. Records; Electronic Signatures. Time Stamps



Similar documents
Guidance for Industry. 21 CFR Part 11; Electronic Records; Electronic Signatures. Electronic Copies of Electronic Records

Guidance for Industry. 21 CFR Part 11; Electronic Records; Electronic Signatures. Maintenance of Electronic Records

Guidance for Industry Part 11, Electronic Records; Electronic Signatures Scope and Application

Guidance for Industry COMPUTERIZED SYSTEMS USED IN CLINICAL TRIALS

Eclipsys Sunrise Clinical Manager Enterprise Electronic Medical Record (SCM) and Title 21 Code of Federal Regulations Part 11 (21CFR11)

Self-Assessment of eresearch Compliance with 21 CFR Part 11, Electronic Record; Electronic Signatures

The Impact of 21 CFR Part 11 on Product Development

Electronic records and electronic signatures in the regulated environment of the pharmaceutical and medical device industries

Implementation of 21CFR11 Features in Micromeritics Software Software ID

FDA Title 21 CFR Part 11:Electronic Records; Electronic Signatures; Final Rule (1997)

21 CFR PART 11 ELECTRONIC RECORDS, ELECTRONIC SIGNATURES CFR Part 11 Compliance PLA 2.1

InfinityQS SPC Quality System & FDA s 21 CFR Part 11 Requirements

Guidance for Industry Computerized Systems Used in Clinical Investigations

A ChemoMetec A/S White Paper September 2013

Implement best practices by using FileMaker Pro 7 as the backbone of your 21 CFR 11 compliant system.

Guidance for Industry

Guidance for Industry

POLICY ISSUES IN E-COMMERCE APPLICATIONS: ELECTRONIC RECORD AND SIGNATURE COMPLIANCE FDA 21 CFR 11 ALPHATRUST PRONTO ENTERPRISE PLATFORM

FILEHOLD DOCUMENT MANAGEMENT SYSTEM 21 CFR PART 11 COMPLIANCE WHITE PAPER

AutoSave. Achieving Part 11 Compliance. A White Paper

21 CFR Part 11 Implementation Spectrum ES

rsdm and 21 CFR Part 11

InfoCenter Suite and the FDA s 21 CFR part 11 Electronic Records; Electronic Signatures

Assessment of Vaisala Veriteq vlog Validation System Compliance to 21 CFR Part 11 Requirements

Guidance for Industry

Guidance for Industry Classifying Resubmissions in Response to Action Letters

DeltaV Capabilities for Electronic Records Management

Use of Electronic Health Record Data in Clinical Investigations

DeltaV Capabilities for Electronic Records Management

Full Compliance Contents

FDA 21 CFR Part 11 Electronic records and signatures solutions for the Life Sciences Industry

21 CFR Part 11 Checklist

Electronic Document and Record Compliance for the Life Sciences

Medical Device Data Systems, Medical Image Storage Devices, and Medical Image Communications Devices

21 CFR Part 11 Deployment Guide for Wonderware System Platform 3.1, InTouch 10.1 and Historian 9.0

Enabling SharePoint for 21 CFR Part 11 Compliance - Electronic Signature Use Case

SolidWorks Enterprise PDM and FDA 21CFR Part 11

Tools to Aid in 21 CFR Part 11 Compliance with EZChrom Elite Chromatography Data System. White Paper. By Frank Tontala

Guidance for Industry

21 CFR Part 11 White Paper

Implementing Title 21 CFR Part 11 (Electronic Records ; Electronic Signatures) in Manufacturing Presented by: Steve Malyszko, P.E.

FDA STAFF MANUAL GUIDES, VOLUME I - ORGANIZATIONS AND FUNCTIONS FOOD AND DRUG ADMINISTRATION OFFICE OF OPERATIONS

How To Exempt From Reporting And Recordkeeping Requirements For Tv And Computer Monitors With Cathode Ray Tubes

Nova Southeastern University Standard Operating Procedure for GCP. Title: Electronic Source Documents for Clinical Research Study Version # 1

Guidance for Industry

21 CFR Part 11 Compliance Using STATISTICA

Guidance for Industry. 21 CFR Part 11; Electronic. Records; Electronic Signatures. Validation

Contains Nonbinding Recommendations

Oracle WebCenter Content

Guidance for Industry. Further Amendments to General Regulations of the Food and Drug Administration to Incorporate Tobacco Products

Implementing CitectSCADA to meet the requirements of FDA 21 CFR Part 11

Compliance in the BioPharma Industry. White Paper v1.0

Declaration of Conformity 21 CFR Part 11 SIMATIC WinCC flexible 2007

Intland s Medical Template

Document issued on: December 2, The draft of this document was issued on March 11, Contains Nonbinding Recommendations

DRAFT GUIDANCE. This guidance document is being distributed for comment purposes only.

TIBCO Spotfire and S+ Product Family

Guidance for Sponsors, Institutional Review Boards, Clinical Investigators and FDA Staff

Meeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11)

How To Control A Record System

Information Sheet Guidance For IRBs, Clinical Investigators, and Sponsors

ScreenMaster RVG200 Paperless recorder FDA-approved record keeping. Measurement made easy

Compliance Matrix for 21 CFR Part 11: Electronic Records

Guidance for Industry

Risk Evaluation and Mitigation Strategies: Modifications and Revisions Guidance for Industry

Supplement to the Guidance for Electronic Data Capture in Clinical Trials

Unique Device Identifier System: Frequently Asked Questions, Vol. 1 Guidance for Industry and Food and Drug Administration Staff

Electronic Records and Signatures: Compliance with Title 21 CFR Part 11 Requirements

Agilent MicroLab Software with Spectroscopy Configuration Manager and Spectroscopy Database Administrator (SCM/SDA)

Guidance for Industry

Guidance for Industry and Food and Drug Administration Staff

Guidance for Industry Quality Systems Approach to Pharmaceutical CGMP Regulations

Using Chromeleon Chromatography Management Software to Comply with 21 CFR Part 11

Compliance Response Edition 07/2009. SIMATIC WinCC V7.0 Compliance Response Electronic Records / Electronic Signatures. simatic wincc DOKUMENTATION

Guidance for Industry Circumstances that Constitute Delaying, Denying, Limiting, or Refusing a Drug Inspection

Guidance for Industry

Using the Thermo Scientific Dionex Chromeleon 7 Chromatography Data System (CDS) to Comply with 21 CFR Part 11. Compliance Guide

21 CFR Part 11 Electronic Records & Signatures

Guidance for Industry

Guidance for Industry and FDA Staff Tonometers - Premarket Notification [510(k)] Submissions

Computerized Systems Used in Medical Device Clinical Investigations

CoSign for 21CFR Part 11 Compliance

U.S. Department of Health and Human Services Food and Drug Administration Center for Drug Evaluation and Research (CDER) March 2006 Compliance

Guidance for Industry

Guidance for Industry

Medical Billing and Agency Formal Disputes

Guidance for Industry and FDA Staff: Current Good Manufacturing Practice Requirements for Combination Products

Guidance for Industry

Transcription:

Guidance for Industry 21 CFR Part 11; Electronic Records; Electronic Signatures Time Stamps Draft Guidance This guidance document is being distributed for comment purposes only. Comments and suggestions regarding this draft document should be submitted within 90 days of publication in the Federal Register of the notice announcing the availability of the draft guidance. Submit comments to Dockets Management Branch (HFA-305), Food and Drug Administration, 5630 Fishers Lane, room 1061, Rockville, MD 20852. All comments should be identified with the docket number 00D-1542. For questions regarding this draft document contact Paul J. Motise, Office of Enforcement, Office of Regulatory Affairs, 301-827-0383, e-mail: pmotise@ora.fda.gov. U.S. Department of Health and Human Services Food and Drug Administration Office of Regulatory Affairs (ORA) Center for Biologics Evaluation and Research (CBER) Center for Drug Evaluation and Research (CDER) Center for Devices and Radiological Health (CDRH) Center for Food Safety and Applied Nutrition (CFSAN) Center for Veterinary Medicine (CVM) February 2002

Guidance for Industry 21 CFR Part 11; Electronic Records; Electronic Signatures Time Stamps Additional copies of this draft guidance document are available from the Office of Enforcement, HFC-200, 5600 Fishers Lane, Rockville, MD 20857; Internet http://www.fda.gov/ora/compliance_ref/part11/default.htm U.S. Department of Health and Human Services Food and Drug Administration Office of Regulatory Affairs (ORA) Center for Biologics Evaluation and Research (CBER) Center for Drug Evaluation and Research (CDER) Center for Devices and Radiological Health (CDRH) Center for Food Safety and Applied Nutrition (CFSAN) Center for Veterinary Medicine (CVM) February 2002 ii

Guidance For Industry 21 CFR Part 11; Electronic Records; Electronic Signatures Time Stamps Table of Contents 1. Purpose...1 2. Scope...2 2.1. Applicability...2 2.2. Audience...3 3. Definitions and Terminology...3 4. Regulatory Requirements; What Does Part 11 Require?...3 5. Key Principles and Practices...4 5.1. Time Stamp Accuracy...4 5.2. Systems Clock Security...5 5.3. Time Zones...6 5.4. Expression of Date and Time...8 5.5. Precision of Date and Time Expressions...8 6. Other Uses of Time Stamps In Electronic Recordkeeping...9 iii

Guidance For Industry 1 21 CFR Part 11; Electronic Records; Electronic Signatures Time Stamps This draft guidance, when finalized, will represent the Food and Drug Administration s (FDA s) current thinking on this topic. It does not create or confer any rights for or on any person and does not operate to bind FDA or the public. An alternative approach may be used if such approach satisfies the requirements of applicable statutes and regulations. 1. Purpose The purpose of this draft guidance is to describe the Food and Drug Administration's (FDA s) current thinking regarding the time stamp requirements of Part 11 of Title 21 of the Code of Federal Regulations; Electronic Records; Electronic Signatures. It provides guidance to industry, and is intended to assist persons who are subject to the rule to comply with the regulation. It may also assist FDA staff who apply part 11 to persons who are subject to the regulation. 1 This draft guidance was prepared under the aegis of the Office of Enforcement by the FDA Part 11 Compliance Committee. The committee is composed of representatives from each center within the Food and Drug Administration, the Office of Chief Counsel, and the Office of Regulatory Affairs. 1

2. Scope This draft guidance is one of a series of guidances about part 11. We intend to provide information with respect to FDA's current thinking on acceptable ways of meeting part 11 requirements to ensure that electronic records and electronic signatures are trustworthy, reliable, and compatible with FDA's public health responsibilities. This draft guidance focuses on time stamps applied by computer systems and identifies key principles and practices regarding time stamps. 2.1. Applicability This draft guidance applies to electronic records and electronic signatures that persons create, modify, maintain, archive, retrieve, or transmit under any records or signature requirement set forth in the Federal Food, Drug, and Cosmetic Act (the Act), the Public Health Service Act (PHS Act), or any FDA regulation. Any requirements set forth in the Act, the PHS Act, or any FDA regulation, with the exception of part 11, are referred to in this document as predicate rules. Most predicate rules are contained in Title 21 of the Code of Federal Regulations. In general, predicate rules address the research, production, and control of FDA regulated articles, and fall into several broad categories. Examples of such categories include, but are not limited to, manufacturing practices, laboratory practices, clinical and pre-clinical research, adverse event reporting, product tracking, and pre and post marketing submissions and reports. 2

2.2. Audience We intend this draft guidance to provide useful information and recommendations to: Persons subject to part 11; Persons responsible for implementing time stamps in electronic record and electronic signature systems; and, Persons who develop products or services to enable implementation of part 11 requirements; This draft guidance may also assist FDA staff who apply part 11 to persons subject to the regulation. 3. Definitions and Terminology Unless otherwise specified below, all terms used in this draft guidance are defined in FDA s draft guidance document, Guidance For Industry, 21 CFR Part 11; Electronic Records; Electronic Signatures, Glossary of Terms, a document common to the series of guidances on part 11. 4. Regulatory Requirements; What Does Part 11 Require? Section 11.10 requires persons to employ procedures and controls designed to ensure the authenticity, integrity, and, when appropriate, the confidentiality of electronic records, and to ensure that the signer cannot readily repudiate the signed record as not genuine. To satisfy this requirement persons must, among 3

other things, employ procedures and controls that include the use of computer generated time stamps. For example: Section 11.10(e), requires controls and procedures to include the [u]se of secure, computer-generated, time-stamped audit trails to independently record the date and time of operator entries and actions that create, modify, or delete electronic records..." (emphasis added). Section 11.50(a)(2) requires signed electronic records to contain information associated with the signing that clearly indicates, among other things, the date and time when the signature was executed." (emphasis added). Section 11.50(b) requires the date and time when the signature was executed to be included as part of any human readable form of the electronic record (such as electronic display or printout). 5. Key Principles and Practices 5.1. Time Stamp Accuracy Persons must use procedures and controls for time stamps under part 11 (as described above), designed to ensure, among other things, the authenticity and integrity of electronic records. Accordingly, procedures and controls should be implemented to ensure time stamps are accurate and reliable. It is extremely important for time stamps to be based on computer system clocks that are accurate and reliable. 4

5.1.1. Synchronization Computer clocks should be set correctly and continue to be set correctly. You should establish and follow procedures to ensure that computer clocks are set properly. For example, computers on a network should automatically synchronize their clocks with that of a designated network computer (e.g., as part of the process of logging on to the network). The network "master clock" or time server should, itself, be synchronized to a recognized standard computer clock. Computers not connected to a network should have their clocks synchronized to a recognized standard clock and should be periodically verified against the standard clock. 5.2. Systems Clock Security You should be able to detect inappropriate changes to computer clocks. You should establish and follow procedures to detect and deter inappropriate changes to computer clocks. For example, employees should be made aware that unauthorized changes to clock settings are serious and unacceptable actions. We believe employee training and awareness programs are especially important where computer systems lack a technical means of preventing people from changing clock settings. For example, in general, laptop computers lack a means of preventing clock changes. 5

Persons responsible for system security should periodically conduct unannounced checks of computer clocks to detect and deter unauthorized clock changes. In addition, time stamps on electronic records should be spot checked for anomalies that might indicate inappropriate clock settings. For example, if the time stamps in an audit trail show a date and time of record modification that is earlier than the date and time of record creation, this discrepancy might indicate that there have been unauthorized clock modifications. 5.3. Time Zones In the preamble to the final rule for part 11, entitled 21 CFR Part 11 Electronic Records; Electronic Signatures, we stated: [R]egarding systems that may span different time zones, the agency advises that the signer s local time is the one to be recorded. (See comment paragraph 101 in 62 Fed. Reg. 13430, at 13453 (March 20, 1997).) We have reconsidered this position, and the guidance presented here reflects our current thinking, and supersedes the position in comment 101 with respect to the time zone that should be recorded. You should implement time stamps with a clear understanding of what time zone reference you use. Systems documentation should explain time zone references as well as zone acronyms or other naming conventions. For example, the time zone reference might be a central point like Greenwich Mean Time, a point local to the computer where the activity linked to the time stamp occurs, or a point where the time stamp clock (e.g., a time stamp server) is located. 6

The time zone reference should be part of the time stamp itself and appear in human readable forms of the time stamp. In our view, this procedure would help to ensure the authenticity and integrity of the electronic record (as well as the electronic audit trail) because it potentially eliminates confusion with respect to the timing of a particular event or action that could be attributed to different time zones. We recognize, however, that you might not elect to include the time zone reference in the time stamp itself or as part of the human readable form of the time stamp. We believe this approach can be potentially problematic if records are copied or transferred within (or accessed from) different organizations, or different components of an organization, that use different time zone references. In such cases, the reader could easily become confused as to exactly what time zone reference was used. Nonetheless, if you decide to adopt this approach, you should have readily available systems documentation that clearly explains what time zone references apply, and you should establish mechanisms to ensure that the reader has a clear and accurate understanding of the correct time zone reference. For example, you might flag a record with a code that a reader could use to determine the time zone reference used. 7

5.4. Expression of Date and Time System documentation should define how date and time are expressed. For example, a date expressed as 02/03/04 might have a variety of meanings (e.g., February 3, 2004 or March 2, 2004) and without a clear indication of what convention applies, it could create confusion. Likewise, time might be expressed using 24 or 12 hour conventions (e.g., 1330 hrs, or 1:30 p.m). You should take steps to ensure that date and time expressions are clearly understood throughout an organization. As we discussed in section 5.3, Time Zones, if different parts of an organization elect to express date and time differently, the reader might become confused and draw erroneous conclusions about when events took place. It is very important for people who read the time stamp to have a clear understanding of what date and time expressions apply, especially where records in a collection express date and time differently. 5.5. Precision of Date and Time Expressions Audit trail and signature time stamps should be precise to the hour and minute. Date expressions in those stamps should indicate year, month and numerical day of the month. (Other uses of time stamps, such as controlling and monitoring a manufacturing process, are beyond the scope of this draft guidance document, but you should be aware that they might warrant different degrees of precision.) 8

6. Other Uses of Time Stamps In Electronic Recordkeeping Use of time stamps might have value in implementing other part 11 controls, although the regulation does not require time stamps as a means of achieving those controls. You might find the guidance in this draft document helpful in implementing time stamps in those other controls. Here are some examples: Limiting system access to authorized individuals (section 11.10(d)); there might be situations in which individuals are only permitted to access a system during certain times. Access might be controlled, in part, by checking a system clock as part of the log on process and recording the time stamp in an access log to document attempts at unauthorized access. Ensuring proper sequencing of events (section 11.10(f)); applying reliable automated time stamps to each event in a sequence can help demonstrate that they occurred in the proper chronological order. Documenting the time-sequenced development and modification of systems documentation (section 11.10(k)(2)); reliable time stamps can help show that systems documentation was prepared in a preestablished order. DocID:TimestampsDraftPostRESOCC.doc 2/11/02 9

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information